Here are the 10 privacy principles outlined in the federal Personal Information Protection & Electronic Documents Act:

> ACCOUNTABILITY. An organization is responsible for personal information under its control, and must make someone accountable for compliance with the following principles.

> IDENTITY PURPOSES. Identify the need for personal information before collecting it.

> CONSENT. Obtain permission from the individual from whom you collect information.

> LIMIT COLLECTION. Limit collection of personal information to what is necessary for the purposes of the organization. Collect information by fair and lawful means.

> DISCLOSURE RETENTION. Use the information only for its original purpose, except with written consent of the person from whom it was collected. Retain only as long as needed.

> ACCURACY. Ensure information is current and accurate.

> SAFEGUARDS. Protect information under lock and key, or with encryption.

> OPENNESS. Make policies and practices available to those from whom you collect information.

> ACCESS. Make information you collect from an individual available to this person on request. Amend for accuracy on request.

> CHALLENGING COMPLIANCE. Establish a system for individuals to challenge your compliance with the above principles.